Basic support for numeric keys

build/cmake/ProjectVariables.cmake

@@ -17,7 +17,7 @@
 ################################################################################
 
 # These options apply to all PDO projects
-ADD_COMPILE_OPTIONS(-m64 -fvisibility=hidden -fpie -fPIC -fstack-protector -Wall)
+ADD_COMPILE_OPTIONS(-m64 -fvisibility=hidden -fpie -fPIC -fstack-protector)
 ADD_COMPILE_OPTIONS($<$<COMPILE_LANGUAGE:CXX>:-std=c++11>)
 
 OPTION(PDO_DEBUG_BUILD "Build with debugging turned on" FALSE)
@@ -35,3 +35,23 @@ ELSE()
   ADD_COMPILE_DEFINITIONS(PDO_DEBUG_BUILD=0)
   MESSAGE(STATUS "Compiling with optimizations (-O2). To use debug flags, set the DEBUG environment variable.")
 ENDIF()
+
+# The verbose build flag allows warning messages
+# to be turned off. This removes a lot of the verbosity
+# of the OpenSSL/SGXSSL deprecation warnings. In general
+# we do not want to ignore those messages to verbose is
+# set to true by default.
+OPTION(PDO_VERBOSE_BUILD "Build with all warnings turned on" TRUE)
+
+IF (DEFINED ENV{PDO_VERBOSE_BUILD})
+  SET(PDO_VERBOSE_BUILD $ENV{PDO_VERBOSE_BUILD})
+ENDIF()
+
+IF (${PDO_VERBOSE_BUILD})
+  ADD_COMPILE_OPTIONS(-Wall)
+ELSE()
+  # this should not be necessary (no -Wall), but make
+  # sure we don't pick up the OpenSSL/SGXSSL deprecation warnings
+  ADD_COMPILE_OPTIONS(-Wno-deprecated)
+  ADD_COMPILE_OPTIONS(-Wno-deprecated-declarations)
+ENDIF()

common/crypto/crypto_shared.h

@@ -14,6 +14,14 @@
  */
 
 #pragma once
+
+#include <memory>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/rsa.h>
+
 namespace pdo
 {
 namespace crypto
@@ -23,5 +31,21 @@ namespace crypto
         // OpenSSL Error string buffer size
         const int ERR_BUF_LEN = 130;
     }
+
+    // Typedefs for memory management
+    // Specify type and destroy function type for unique_ptrs
+    typedef std::unique_ptr<BIGNUM, void (*)(BIGNUM*)> BIGNUM_ptr;
+    typedef std::unique_ptr<BN_CTX, void (*)(BN_CTX*)> BN_CTX_ptr;
+
+    typedef std::unique_ptr<BIO, void (*)(BIO*)> BIO_ptr;
+
+    typedef std::unique_ptr<EVP_CIPHER_CTX, void (*)(EVP_CIPHER_CTX*)> CTX_ptr;
+
+    typedef std::unique_ptr<EC_GROUP, void (*)(EC_GROUP*)> EC_GROUP_ptr;
+    typedef std::unique_ptr<EC_KEY, void (*)(EC_KEY*)> EC_KEY_ptr;
+    typedef std::unique_ptr<EC_POINT, void (*)(EC_POINT*)> EC_POINT_ptr;
+    typedef std::unique_ptr<ECDSA_SIG, void (*)(ECDSA_SIG*)> ECDSA_SIG_ptr;
+
+    typedef std::unique_ptr<RSA, void (*)(RSA*)> RSA_ptr;
 }
 }

common/crypto/pkenc_private_key.cpp

@@ -38,14 +38,6 @@
 namespace pcrypto = pdo::crypto;
 namespace constants = pdo::crypto::constants;
 
-// Typedefs for memory management
-// Specify type and destroy function type for unique_ptrs
-typedef std::unique_ptr<BIO, void (*)(BIO*)> BIO_ptr;
-typedef std::unique_ptr<EVP_CIPHER_CTX, void (*)(EVP_CIPHER_CTX*)> CTX_ptr;
-typedef std::unique_ptr<BN_CTX, void (*)(BN_CTX*)> BN_CTX_ptr;
-typedef std::unique_ptr<BIGNUM, void (*)(BIGNUM*)> BIGNUM_ptr;
-typedef std::unique_ptr<RSA, void (*)(RSA*)> RSA_ptr;
-
 // Error handling
 namespace Error = pdo::error;
 
@@ -54,7 +46,7 @@ namespace Error = pdo::error;
 // throws RuntimeError, ValueError
 RSA* deserializeRSAPrivateKey(const std::string& encoded)
 {
-    BIO_ptr bio(BIO_new_mem_buf(encoded.c_str(), -1), BIO_free_all);
+    pdo::crypto::BIO_ptr bio(BIO_new_mem_buf(encoded.c_str(), -1), BIO_free_all);
     if (!bio)
     {
         std::string msg("Crypto Error (deserializeRSAPrivateKey): Could not create BIO");
@@ -151,9 +143,9 @@ void pcrypto::pkenc::PrivateKey::Generate()
 {
     if (private_key_)
         RSA_free(private_key_);
-    
+
     unsigned long e = RSA_F4;
-    BIGNUM_ptr exp(BN_new(), BN_free);
+    pdo::crypto::BIGNUM_ptr exp(BN_new(), BN_free);
     private_key_ = nullptr;
 
     if (!exp)
@@ -170,7 +162,7 @@ void pcrypto::pkenc::PrivateKey::Generate()
         throw Error::RuntimeError(msg);
     }
 
-    RSA_ptr private_key(RSA_new(), RSA_free);
+    pdo::crypto::RSA_ptr private_key(RSA_new(), RSA_free);
     if (!private_key)
     {
         std::string msg("Crypto  Error (pkenc::PrivateKey()): Could not create new RSA key");
@@ -199,7 +191,7 @@ std::string pcrypto::pkenc::PrivateKey::Serialize() const
         std::string msg("Crypto Error (Serialize): PrivateKey is not initialized");
         throw Error::RuntimeError(msg);
     }
-    BIO_ptr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+    pdo::crypto::BIO_ptr bio(BIO_new(BIO_s_mem()), BIO_free_all);
     if (!bio)
     {
         std::string msg("Crypto Error (Serialize): Could not create BIO\n");

common/crypto/pkenc_public_key.cpp

@@ -38,14 +38,6 @@
 namespace pcrypto = pdo::crypto;
 namespace constants = pdo::crypto::constants;
 
-// Typedefs for memory management
-// Specify type and destroy function type for unique_ptrs
-typedef std::unique_ptr<BIO, void (*)(BIO*)> BIO_ptr;
-typedef std::unique_ptr<EVP_CIPHER_CTX, void (*)(EVP_CIPHER_CTX*)> CTX_ptr;
-typedef std::unique_ptr<BN_CTX, void (*)(BN_CTX*)> BN_CTX_ptr;
-typedef std::unique_ptr<BIGNUM, void (*)(BIGNUM*)> BIGNUM_ptr;
-typedef std::unique_ptr<RSA, void (*)(RSA*)> RSA_ptr;
-
 // Error handling
 namespace Error = pdo::error;
 
@@ -54,7 +46,7 @@ namespace Error = pdo::error;
 // throws RuntimeError, ValueError
 RSA* deserializeRSAPublicKey(const std::string& encoded)
 {
-    BIO_ptr bio(BIO_new_mem_buf(encoded.c_str(), -1), BIO_free_all);
+    pdo::crypto::BIO_ptr bio(BIO_new_mem_buf(encoded.c_str(), -1), BIO_free_all);
     if (!bio)
     {
         std::string msg("Crypto Error (deserializeRSAPublicKey): Could not create BIO");
@@ -174,7 +166,7 @@ std::string pcrypto::pkenc::PublicKey::Serialize() const
         throw Error::RuntimeError(msg);
     }
 
-    BIO_ptr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+    pdo::crypto::BIO_ptr bio(BIO_new(BIO_s_mem()), BIO_free_all);
     if (!bio)
     {
         std::string msg("Crypto Error (Serialize): Could not create BIO");

common/crypto/sig.cpp

@@ -41,18 +41,13 @@ unsigned int pcsig::Key::MaxSigSize() const
 void pcsig::Key::SetSigDetailsFromDeserializedKey()
 {
     int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(key_));
-    if(nid == NID_undef)
-    {
-        std::string msg("Crypto Error (sig::PrivateKey(const std::string& encoded): undefined nid");
-        throw Error::RuntimeError(msg);
-    }
+    Error::ThrowIf<Error::RuntimeError>(
+        nid == NID_undef, "Crypto Error (sig::PrivateKey(const std::string& encoded): undefined nid");
 
     auto mSigCurve = NidToSigCurveMap.find(nid);
-    if(mSigCurve == NidToSigCurveMap.end())
-    {
-        std::string msg("Crypto Error (sig::PrivateKey(const std::string& encoded):unsupported nid: " + nid);
-        throw Error::RuntimeError(msg);
-    }
+    Error::ThrowIf<Error::RuntimeError>(
+        mSigCurve == NidToSigCurveMap.end(),
+        "Crypto Error (sig::PrivateKey(const std::string& encoded):unsupported nid: " + nid);
 
     sigDetails_ = pcsig::SigDetails[static_cast<int>(mSigCurve->second)];
 }

common/crypto/sig.h

@@ -22,6 +22,12 @@
 
 #include "types.h"
 
+// Generally, this should be set in the makefile and provides
+// the default curve when no curve is explicitly set
+#ifndef PDO_DEFAULT_SIGCURVE
+#define PDO_DEFAULT_SIGCURVE SECP384R1
+#endif
+
 namespace pdo
 {
 namespace crypto